All the Pictures from your Phone’s SD Card are Exposed. Why, Google?

by: Bogdan PetrovanMarch 2, 2012

android privacyThere are few things more personal that the pictures you snap with your mobile phone. While SSNs, bank accounts numbers, or street addresses are critical for our safety, pictures and videos take the meaning of privacy to a whole new level.

We snap pics of our dear ones, of our kids, and our friends, sometimes in situations that are meant to remain private. Now imagine how you would feel if anyone with basic programming skills and a couple of hours of spare time could steal your most personal photos. That all the photos stored on the SD card on your smartphone are free for the taking?

A nightmarish scenario? This is exactly how Android works right now. And iOS users, you’re not safe either.

How does it work?

Ok, so a couple of days ago, NYT broke news about an exploit that allowed iOS apps to read pictures and videos from an iPhone or iPad, without getting specific permission. The exploit works when you give apps permission to access your location data, which is something many apps request when installed. But when you grant the location-reading permission, you also unknowingly give iOS apps the permission to read all your photos and videos. Big brouhaha! Shame on you, Apple!

But it seems that Google is even worse at protecting your images. No, there is not a similar exploit on Android that gives apps permissions to read your photos, while you think you gave them another permission. No. Android gives all apps permission to read the photos on your SD card and do whatever they darn please with them.

How is that possible? It turns out that, rather than being a bug or an exploit, this is a FAD – a feature as designed. In other words, Android was designed from the beginning to let all apps look at the photos on your SD.

Why is that? Because Google thought about the problem that appears when Android users have several SD cards. For example, you can have an SD card with private pics that you don’t want any app to see (I’ll leave it to your imagination to determine why), so you deny all apps the right to access the SD. Later, you change the SD with another one, and now you want to grant apps access to the card, but you can’t, because you already set a restrictive permission set. To avoid this hassle, someone in the Android team decided that we can all go without explicit image read permissions. Voila, problem solved.

But Google, that’s like not installing locks on your home because one day you might lose your keys and need to change the locks. It doesn’t make sense!

Am I Just Paranoid?

Now, Google’s explanations about this privacy fiasco seem to make sense. After all, both Windows and OS X applications can read all your photos without any permission. Apparently, Google thought that mimicking the behavior of a PC operating system is perfectly natural.

Some say that it’s normal for smartphone apps to read your data without permission. This is how smartphone apps work. This is what MG Siegler thinks. See, MG Siegler says that too many prompts will ruin the fun, that soon our beautiful post-PC computing experience will be marred by apps that constantly prompt us for permission to do anything.

That we need to show a little trust!

But come on! You don’t run around with your Windows PC in your pocket. You don’t use it to take your most personal pics. Many of us have pics that we wouldn’t ever copy to a PC, just because they are safer on our own personal gadget that we carry around at all times and protect with a password. When you have to specifically tell your app that it can write data on your SD card, while the app can read photos from the SD card without asking for permission, where is the trust?

Right now, the permissions system used by Android and iOS is flawed, because it gives users a sense of false safety. When an app only asks if it can access your GPS location, you naturally assume that the app only gets that specific permission. So, how come that app can read your nude pics (there, I said it) and send them over to some random server?

Others argue that you just can’t stop nefarious app developers from stealing your photos. For instance, a photo viewing app that can upload pics to Twitter needs both access to your images and to the web. Permissions won’t stop it from stealing your pics. So why bother with permissions at all? But that’s not a valid argument. If a burglar really wants to break into your house, locks won’t stop him. Does that mean that we should ditch locks? No, it means that we need to have good alarm systems in place.

What Should Google Do?

I am disappointed in Google right now. At least Apple had an exploit on their hands. Google did it on purpose, just to keep things simple. Like a door-maker that makes docks without locks, because they look “cleaner”.

There are 450,000 applications in the Android Market. Let’s assume that 0.1% of those apps have been designed to take advantage of the SD card loophole. That would be about 450 apps that are specifically designed to steal your pictures. Sure, that’s completely speculative. But is it normal to have 450 apps in the wild that are built to read your private pictures? Moreover, is it normal to know about it and do nothing?

No, I am not spreading FUD just for the sake of page views. I think that the problem is very serious, and Google and Apple need to do something about it fast. Google has told NYT that they are “considering adding a permission for apps to access images”. Considering? Google, I think that you should do it in high priority.

What do you think? Am I overreacting? How should the permission mechanism work?

  • WestIndiesKING

    Dude please dont stop the fear mongering. I am already sick of my computer prompting me every min for permissions to do something. No fan of MG Siegler or BGR but i have to say they are right on this. If you dont download shady apps you wont have this problem of worrying about someone stealing your pics. Side note unless you are famous why in the hell would someone want to steal your pics? Also now this will cause more of an issue for apps like facebook or other social media apps that look at your gallery to upload pics to their site. This hasnt been an issue before dont make it an issue now. STOP THE FEAR MONGERING!

    • Medicci

      I know for a fact, that many mainstream apps do access your pics & other personal info. They just haven’t been caught. Most apps ask for more permissions then necessary.

      • WestIndiesKING

        Asking for permission and actually scanning and using your photos are two different things. Also getting permission to the SD card to write files to it may be necessary for said application. Its how they are using the data is what people are worried about. If you dont use shady apps then you dont have anything to worry about.

    • mich

      Are you saying that women who has vanity pics and photos of them completely nude shouldn’t be worried at all? Women likes to take vanity pics and private pics that they want to remain PRIVATE. What if those photos end up in porn sites? Whether it does or doesn’t, you don’t just give random people permission to access those photos. I wouldn’t be bothered if I walk naked all the time everywhere I go though and people see me that way. But I don’t, I wear clothes and cover my PRIVATE parts.

      I think it’s good to tell people that they shouldn’t save any private information in their SD cards than tell them they shouldn’t take their privacy too seriously (your comment sounds like that to me). I have HTC Desire, the first one of it’s series, with small internal memory that’s why I use SD card. I’m thinking of getting the new ones of HTC with large internal memory storage so that no any person especially the ones with basic programming skills could trick me and have an access to any of my personal information WHETHER IT IS OR IT’S NOT what they’re up to.

  • Jacob Markussen

    I must say that I think you’re overreacting. Mostly because I had already realized this could be done – as with any other data stored on the sd card, as long the app has simple permissions that no one would stop for even a second to consider when installing an app. And then also because I would never expect any decent looking app to do stuff like that – and as long as you pay a little attention to what you install and what you don’t I think people will be fine…

    On the other hand I still think it is a great idea to simply add a permission for accessing pictures. But where does this stop? What about .txt files? Videos? PDF’s? And whatever else we’ve got on our devices…

  • Jacob Markussen

    @WestIndiesKING -> If you are on a Windows machine, go to Control Panel, User Accounts, Manage your Account and turn off User Account Control ;-) Your life will be bliss afterwards ;-)

    • WestIndiesKING

      thats my point thou, people crime about these things then end up turning of fthe user account controls.

    • Rob Little

      @Jacob, don’t be ridiculous. User Account Control doesn’t do anything better in this respect – any app that you’ve already installed already has the access to read files that you as the user have access to read. That’s the whole point. Windows has a PER-USER permissions system, not a PER-APP permissions system.

  • spooktay

    I think you’re overreacting. I would be more worried about someone stealing/finding my phone and getting all the information off my phone or someone simply taking the SD card out.

    I wish there was a way to encrypt the SD card data so that wouldn’t be such an issue.

    As with apps being able to access my files, I’ve always been aware of that, who cares if it’s pictures or any other file

  • Shawnff

    Thank you for the great information, I am so sick of hearing about how I have no right to privacy anymore. All of you think about this what if it was your 16 year old daughter that had all of her pictures stolen from her phone. It all changes when you bring your family into the picture. I have had enough of Google, and the stealing of my private information. Its time Google backs off, they have absolutely no need to read my contacts, emails, pictures, or the location where I am at 24hrs a day.

  • you are not over reacting

  • BLash

    NOT overreacting. Being complacent and accepting of this kind of privacy invasion is the easy thing to do considering the alternative (don’t install the app or switch to a clamshell or something) but in reality accepting these privacy invasion trends is not much different then knowing and permitting complete strangers into your house to mill about, explore, extract information, and leave without a trace while you’re at work. How do you feel about that now? Sure, what harm would those invaders end up doing? They’re not stealing anything from my house, they’re simply making copies of stuff, looking in my underwear drawer and learning everything about me, my family, my children, etc. Not even considering the possible end-game of the invaders, the fact that they have those capabilities is simply not acceptable to me – and I’m just a regular guy (not a millionaire, not government, etc). I just don’t get the “no big deal” reactions. I do what I can to protect my information by using apps like “App Shield”, “Pocket Permissions”, and “Suspicious Apps” but I’m sure its in vein given all vulnerability that remains undiscovered (or better said, covered up). Yes, I’m very principled, but please be fair in recognizing that being principled is not necessarily correlated with being irrational or paranoid. My 2 cents.

  • Fuckyou

    Fuck you fore being so nieve. You dumb bitch. Its because of assholes like you that people don’t give a crap about stealing out infostart giving a shit

  • Fuckyou

    That last comment was ment for spooktay and jakeub. I love this post. It needs to go to the news

  • Seriously over reacting.

    Even if they added this to the permissions list:

    Read/Write to SD Card
    Read/Write to Gallery

    How many people would actually NOT click it? I mean seriously… and for the women who take vanity pictures… are they really not going to install the cute game their friend recommended because of a random read/write request? I think not.

    Only the seriously paranoid actually read the permissions and even fewer don’t install apps that require to many… how many of that .0001% have vanity pictures that anyone would WANT to look at… by the time you do that math… you are left with an entire one android user…

  • im worried about it to, i don’t want to see any picture or work that i didn’t post anywhere, privacy should be highly protected….

  • AuroraQuest Graves

    Simple create a blank file named .nomedia in the directory problem solved

  • Michelle Read

    Google stole my images off my old phone and refuses to return them without a lawsuit.

    Two years ago when I purchased I new Verizon Android, I was forced to sign up for Google backup for my contacts and photos. For two years all of my pictures were stored online.

    I bought a new phone from T Mobile 3 weeks ago and was assured that all of my photos and contacts would transfer over on gmail. They never did.

    I have lost thousands of images and hundreds of contacts. I contacted Google (after Verizon and T Mobile) and I asked for my information to be preserved and returned.

    I was told by google that I would have to sue them to get it back. Seriously, they didn’t even offer me any other options. Never been SO pissed!

    I was also SHOCKED to find out that google can share or use any images that are on your phone. Why isn’t there more media coverage of these things? I am sure people would think about how their use their cameras allot differently!!